Lucene search
MitreCVE-2022-42039HistoryOct 11, 2022 - 10:15 p.m.
CVE-2022-42039
2022-10-1122:15:11
CWE-434
mitre
web.nvd.nist.gov
25
7
cve-2022-42039
d8s-lists package
python
pypi
code-execution backdoor
democritus-dicts package
security vulnerability
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.005
Percentile
75.6%
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.
Affected configurations
Node
democritusd8s-listsMatch0.1.0python
| Vendor | Product | Version | CPE |
|---|---|---|---|
| democritus | d8s-lists | 0.1.0 | cpe:2.3:a:democritus:d8s-lists:0.1.0:*:*:*:*:python:*:* |
References
Social References
More
Related
osv
osv
PYSEC-2022-43037
2022-10-11 22:15:00
CVE-2022-42039
2022-10-11 22:15:11
PYSEC-2022-43027
2022-10-11 22:15:00
cvelist
cvelist
CVE-2022-42039
2022-10-11 00:00:00
prion
prion
Code injection
2022-10-11 22:15:00
nvd
nvd
CVE-2022-42039
2022-10-11 22:15:11
cnvd
cnvd
Democritus Project d8s-lists code execution vulnerability
2022-10-13 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.005
Percentile
75.6%
Related for CVE-2022-42039